Marco Marongiu writes: > Hi there > > I'm referring to this one in particular: "::1 can be spoofed on some > OSes, so ACLs based on IPv6 ::1 addresses can be bypassed". > > Debian Squeeze doesn't have a patched package available in the > squeeze-lts series yet. On those clients would a restriction like > > restrict ::1 ignore > > mitigate the vulnerability?
I think so, but it will also make it much harder to use ntpq and other things. It also won't do anything to protect other services that might use source ACLs for protection Better to: - fix your firewall rules to block ::1 incoming packets on external interfaces - just build 4.2.8p1 and install it H _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
